WSGISocketPrefix run/wsgi
#WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
WSGIPassAuthorization On
WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=4 threads=4 inactivity-timeout=300
WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300

## Redirects http -> https

<VirtualHost *:80>
  RewriteEngine on
  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
  ServerName {{ external_hostname }}
  Redirect permanent / https://{{ external_hostname }}/
</VirtualHost>

<VirtualHost *:80>
  RewriteEngine on
  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
  ServerName docs.{{ external_hostname }}
  Redirect permanent / https://docs.{{ external_hostname }}/
</VirtualHost>

<VirtualHost *:80>
  RewriteEngine on
  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
  ServerName releases.{{ external_hostname }}
  Redirect permanent / https://releases.{{ external_hostname }}/

# Added until we can get the cert out
  DocumentRoot "/var/www/releases"

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>



## End of redirects http -> https


<VirtualHost *:443>
  ServerName {{ external_hostname }}

  Alias "/robots.txt" "/var/www/html/robots.txt"

  WSGIScriptAlias / /var/www/pagure.wsgi

  ServerAdmin admin@fedoraproject.org

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

  SSLCertificateFile    /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
  SSLProtocol ALL -SSLv2

  Alias /static /usr/lib/python2.7/site-packages/pagure/static/

  SetEnv GIT_PROJECT_ROOT /srv/git/repositories

  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/git/repositories/$1
  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/repositories/$1
  ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
    info/refs | \
    objects/info/[^/]+ | \
    git-(upload|receive)-pack))$" \
    /usr/libexec/git-core/git-http-backend/$1

  # Configure static files so that a custom theme can override the defaults
  RewriteEngine on

  RewriteCond "{{ pagure_theme_static_dir }}/$1" -f
  RewriteRule "^/static/(.*)" "{{ pagure_theme_static_dir }}/$1" [L]

  # Use the application default theme for files not customized

  RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]


  <Location />
   WSGIProcessGroup pagure
   <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
   </IfModule>
   <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
   </IfModule>
  </Location>

  <Location /releases>
  Redirect "/releases" https://releases.{{ external_hostname }}
  </Location>

</VirtualHost>


<VirtualHost *:443>
  ServerName docs.{{ external_hostname }}

  WSGIScriptAlias / /var/www/docs_pagure.wsgi

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"


  SSLCertificateFile    /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
  SSLProtocol ALL -SSLv2

  # Configure static files so that a custom theme can override the defaults
  RewriteEngine on

  RewriteCond "{{ pagure_theme_static_dir }}/$1" -f
  RewriteRule "^/static/(.*)" "{{ pagure_theme_static_dir }}/$1" [L]

  # Use the application default theme for files not customized

  RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]

  <Location />
    WSGIProcessGroup paguredocs
    <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
    </IfModule>
   </Location>
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/var/www/releases"
  ServerName releases.{{ external_hostname }}

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>

